What are the survey highlights?

• 98% of lawyers surveyed said that digital evidence identified during e-disclosure had been vital to the success of legal matters
• 51% of lawyers admitted to problems identifying and recovering electronically stored information in the last three months
• Over half of respondents struggled with the amount of information that had to be searched (often millions of electronic files could be relevant to a case)
• 24% of lawyers said they lacked sufficiently sophisticated e-disclosure technology to conduct thorough investigations

As experts in digital evidence and e-disclosure, this survey is obviously close to our hearts.  With 91% of EMEA lawyers rating the importance of digital evidence in routine legal matters as critical to day to day work, the industry is recognising what we’ve known for a long time - electronic information is key to legal cases and should be handled with care.

It is also worth pointing out at this stage that the method of collecting the electronic information is also key.  To maintain the integrity of data we would always recommend using a qualified computer forensic expert and not internal IT personnel and treating all electronic information as evidence.  This ensures that all legal bases are covered should the case come before court.

The relationship between digital evidence and e-disclosure is more closely interlinked than perhaps previously thought.  Few digital forensic companies are able to offer e-disclosure services and few e-disclosure companies are able to offer digital forensics - but doesn’t it make sense to provide a synergy of services and skills?  The client receives one solution which offers the identification of digital data, the forensic collection of this data, and the processing and review of the refined data set.

Originally set up as a computer forensics firm over eight years ago, CY4OR has been able to apply the skills, techniques and experience learnt over this time to the more recent service of e-disclosure.  After all, computer forensics is the controlled investigation of digital data and isn’t that also what e-disclosure is?

Key findings of the ZyLAB research as reported by Legal Technology Insider include:

• Energy companies in the FTSE 100 scored the highest risk rating, averaging 7.75 out of 10, closely followed by travel (7.5) and pharmaceutical companies (7.5), partly driven by the heightened risk of providing consumer services and products and operating in an environmentally sensitive area, which was only recently demonstrated by BP being sued £3bn for the Gulf of Mexico oil spill. Finance companies also scored highly (7), which could be down to increased market volatility and heavy regulation, following the recent banking crisis.
• Almost two thirds (62%) of the FTSE 100 have previously been sued or initiated legal action, highlighting the increasingly litigious environment, and with 65% of the FTSE 100 having US offices and 88% global operations, this inclination to sue could get worse in line with the highly litigious nature of the US and complexities of international legal requirements.
• 92% of the FTSE 100 were found to have disparate information channels across the business eg twitter, email and paper, and with the growing use of non-searchable multimedia platforms like YouTube and technologies which move data outside the organisation, such as cloud computing, organisations could be storing up a huge problem if requested to provide information to meet legal requirements.
• Almost a quarter (21%) of FTSE 100 companies have a lower share price today than they did a year ago, indicating increased pressure from shareholders to improve the financial position of the company. In line with Fulbright’s 2009 Litigation Trends Report which revealed that “repercussions from the economic downturn are chief among the reasons for expecting more litigation”, increased financial pressure could imply these FTSE 100 companies are more inclined to take out legal action for cases that otherwise might be more easily resolved. 
• Only 12% of FTSE 100 companies were judged to be ‘low risk’, with real estate and retail companies amongst the lucky few. With international budget cuts affecting revenue opportunities and diminishing consumer spending power, these organisations could however find themselves rapidly moving into higher risk categories.

http://www.cifas.org.uk/download/The_Internal_Betrayal_CIFAS_Special_Report.pdf

This report noted a 45% increase in the number of cases of fraud committed by employees, compared with 2008.  In 2010, a projected increase of 62% is anticipated in the number of cases of staff unlawfully obtaining or disclosing personal data, and this figure just includes the frauds that are recorded and proven.

Organisations are becoming increasingly aware of the threat from within and with statistics showing this problem is increasing, organisations need to look at ways to effectively prevent these frauds to limit reputational damage and financial fallout.

General controls suggested by CIFAS include:

• Education and training - security awareness programme
• Professional investigative capability and well publicised deterrent
• Fraud and theft detection
• Communication and intelligence
• Audit trails, logs and reconciliations
• Monitoring and exiting of high risk posts
• Segregation and compartmentalisation
• Access (logical and physical) controls
• Information classification and protection
• Foster good industrial relations
• Realistic target programmes
• Duty to report

An understanding of why employees commit fraud is also beneficial in tackling this problem.  The three major fields of motivation include greed, need and a miscellaneous group including revenge, competitive sabotage, peer pressure, or excitment.

It is impossible to prevent every fraud, therefore if employee fraud is detected then forensic specialists should be used to ensure the evidence is preserved correctly and admissable in court should a case be brought against an employee - afterall, every action leaves a fingerprint and digital fingerprints may provide indisputable evidence.

The case study below highlights how forensic action secured sufficient evidence to bring fraudsters to justice:

Case Study

PKF was engaged by a Private Equity firm in London in respect of issues it had with a current and ex-employee of one of its investments. It was believed that the current employee was passing sensitive company information to the ex-senior employee who was on ‘garden leave’ to assist him in successfully setting up a rival business.

PKF began by gathering intelligence from the public domain and through access to a network of tried and tested private sources located domestically and internationally PKF was able to provide a full profile of the rival business belonging to the ex-employee in question The intelligence gathered also enabled PKF to identify the arrangements the ex-employee had established with suppliers, which clients of the Private Equity firm had already been approached and which other former colleagues he had remained in contact with.

Then the client turned its attention to evidence which would be admissible in a UK court. A critical aspect of this was the evidence based in digital storage media, such as email servers and mobile devices.  In order to ensure admissibility of this evidence in court the company turned to CY4OR to undertake the Forensic IT aspect of the investigation. 

As a result of CY4OR’s computer forensics investigation it was revealed that pricing structures, marketing initiatives, and client lists had been emailed to the ex employee over a 6 month period. Following an analysis of the ex employee’s imaged hard drive, it was revealed that the ex employee had been emailing similar information to a private web-based email account prior to leaving the firm.

CY4OR also conducted a forensic investigation of the current employee’s work iPhone and an investigation of the ex employee’s returned work blackberry. As a result, It was revealed that the plan had been hatched around 6 months before the ex employee’s dismissal. This was supported by the emails uncovered in the computer forensics investigation.

Finally, PKF also provided a forensic analysis for the quantum of loss due to the success of the rival business (taking clients away) and expert testimony in court.

 If you would like to find out more please join us at our seminar - to make a booking please contact bethan.williams@cy4or.co.uk  0161 797 8123.

This lack of understanding means bribery could potentially become big business for law firms with organisations facing corporate fraud and bribery prosecutions. 

In summary, the Act introduces four new offences:

1. an offence of active bribery, including giving or offering a bribe, whether in the public or private sector
2. an offence of passive bribery, including agreeing to receive or accept a bribe
3. an offence of bribing a foreign public official
4. a corporate offence which applies when a commercial organisation fails to prevent bribery

The potential minefield that this Act opens up is massive.  Law firms will be advising clients on the scope of the Act in relation to legal liability and risk.  Every organisation will need to undertake its own risk assessment and follow this up with a detailed programme putting in place appropriate anti-bribery processes and procedures which match the identified risks.

Philip Henson, a partner at solicitors Bargate Murray emphasises the upside to the arrival of the Act, “people will come to see anti-bribery provisions in the same light as Corporate Social Responsibility, as a new seal of approval for a modern business”, he says.

The virus, called Zeus 3, automatically checks whether there is more than £800 in the account before replacing the normal screen with a bogus website while making transfers to money mules.  The virus was intentified by M86, a US security firm.

Ed Rowley, product manager at M86, said “it’s the first time we’ve seen it (tojan viruses) this automated and attacking UK banks.  We’ve seen similar attacks in Germany.  They will have targeted a big bank because they have a lot of customers.  What they’re exploiting is users’ web browsers rather than the bank’s systems themselves”.

Last year £59.7 million was stolen through online banking fraud and this figure is set to rise in 2010.  According to the latest report by Symantec on virus threats across Europe, the Middle East and Africa, the UK ranked second for malicious activity between April and June this year.

It is important for individuals to protect their personal computers.  Ensuring that the computer is protected by up to date anti-virus software is crucial.  If an individual suspects they have been defrauded, computer forensics can be used to identify whether the computer was attacked by a virus.

Interestingly, the US Library of Congress recently ruled that jailbreaking iPhones does not breach copyright law, although a similar ruling has yet to be introduced in the EU.

Mobile forensics is becoming widely established as a vital component of modern policing with forces across the country embracing the technology and increasingly “doing it for themselves” rather than relying on third party outsourcing – something that actually makes economic sense.  And interestingly, the more complicated that mobile phones become the better a source of potentially incriminating data they are.  Jose Sanchez de Muniain finds out what the fuss is about and uncovers how the latest smart phones are – literally – forensic gold mines.

Dan Williams is a mobile phone forensics investigator at CY4OR, a global computer forensics company that conducts investigations on a broad range of digital media, including computers, PDAs and mobile phones.  Williams’ duties involve acquisition of handsets, examination, reports, and witness statements, plus appearances at court as an expert witness if required.

While traditionally CY4OR’s workload would mostly entail law enforcement work, the company has noticed a shift away from this work and now there is a 70-30% split in favour of commercial cases.  Such cases may relate for instance to the examination of company handsets used by a departing employee (eg to check no data has been lifted): “There is a rise in IP theft because the plethora of small devices such as thumb drives means it is much simpler, and therefore perhaps more tempting.  But it does leave footprints we can investigate.”   Today, explains Williams, the trend in the police is towards “civilianising” many of their units.  “Traditionally officers could have served two years in the cybercrime unit, and then gone back on the street. But they realised that it didn’t make sense to train them up and spend all that money to then do that.”

Williams handles between 10 and 20 devices per week.   “Most investigations ask for a logical examination, but often the Defence is more interested in a physical examination in order to get deleted information.  Often a client may feel that deleted text messages may turn the case in their favour.  Or they may want to get hold of call logs that are no longer viewable on the handset as they may have been deleted.”

So what kind of issues require clarification in court?   Williams says most court appearances relate to technical
clarification.  “With mobile phones dates and times are often called into question – the log of when a text was sent, for example, may differ from a billing record.   That’s often down to date and time changes on a handset, and how that could have happened.  If a battery dies the phone may reset the time and date.   Also, the only completely accurate times on phones are actually on inbound text messages, because those dates and times are put on by the telephone network – other dates and times are taken form the handset locally.  So sometimes the Court needs more detailed explanation.”